Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

3,221 advisories

Loading
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file()... High Unreviewed
CVE-2025-12638 was published Nov 28, 2025
Improper input sanitization in the file archives upload functionality of Eaton Galileo software... High Unreviewed
CVE-2025-59890 was published Nov 27, 2025
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S... High Unreviewed
CVE-2025-66251 was published Nov 26, 2025
UnForm Server versions < 10.1.15 contain an unauthenticated arbitrary file read and SMB coercion... High Unreviewed
CVE-2025-34350 was published Nov 25, 2025
A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated... High Unreviewed
CVE-2025-12003 was published Nov 25, 2025
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute... High Unreviewed
CVE-2025-60915 was published Nov 24, 2025
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2025-11001 was published Nov 20, 2025
Milos Paripovic OneCommander 3.102.0.0 is vulnerable to Directory Traversal. The vulnerability... High Unreviewed
CVE-2025-63371 was published Nov 19, 2025
esm.sh CDN service has arbitrary file write via tarslip High
CVE-2025-65025 was published for github.com/esm-dev/esm.sh (Go) Nov 19, 2025
pyozzi-toss
Credited to pyozzi-toss
A low privileged remote attacker can upload a new or overwrite an existing python script by using... High Unreviewed
CVE-2025-41736 was published Nov 18, 2025
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22)... High Unreviewed
CVE-2025-63680 was published Nov 14, 2025
IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service ... High Unreviewed
CVE-2025-36236 was published Nov 14, 2025
JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model)... High Unreviewed
CVE-2016-15055 was published Nov 13, 2025
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability.... High Unreviewed
CVE-2023-7327 was published Nov 13, 2025
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated... High Unreviewed
CVE-2021-4463 was published Nov 13, 2025
DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file... High Unreviewed
CVE-2022-4982 was published Nov 13, 2025
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... High Unreviewed
CVE-2025-11565 was published Nov 12, 2025
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... High Unreviewed
CVE-2025-12382 was published Nov 12, 2025
A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation... High Unreviewed
CVE-2025-11696 was published Nov 11, 2025
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal... High Unreviewed
CVE-2018-25124 was published Nov 11, 2025
A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue... High Unreviewed
CVE-2025-60574 was published Nov 8, 2025
AstrBot contains a directory traversal vulnerability High
CVE-2025-57698 was published for AstrBot (pip) Nov 7, 2025
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file... High Unreviewed
CVE-2025-62630 was published Nov 7, 2025
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file... High Unreviewed
CVE-2025-58423 was published Nov 7, 2025
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file... High Unreviewed
CVE-2025-59171 was published Nov 7, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database